© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Cyber Warfare and Market Scenarios °SEC1
HP ESP Enterprise Security Product
Pierpaolo Alì
Regional Sales Director Italy
HP Software Performance Tour 2013, Baveno, 20-21 June
Cyber Security Risk Report 2012
Total vulnerabilities grew by 19%
6,844 in 2011 > 8,137 in 2012
Cross-Site Scripting remains the biggest problem for Web users
Almost 50% of Web applications vulnerable in 2012
New mobile vulnerabilities are growing rapidly: +68%
158 in 2011 > 266 in 2012
Mature technologies continue to introduce new risks
SCADA vulnerabilities +768%, from 22 in 2008 to 191 in 2012
Ponemon Institute – Cost of Cyber Crime 2012
The average annual cost to companies rose by 6% vs. 2011: from $8.4 million in 2011 to $8.9 million in 2012.
Cyber attacks grew by 42%: an average of 102 successful attacks per week, compared with 72 in 2011 and 50 in 2010.
The average time to resolve an attack grew by 33% to 24 days: it was 14 days in 2010 and 18 days in 2011.
Implementing a security intelligence solution can mitigate the impact of cyber attacks. Companies that deployed a SIEM solution saw savings of nearly $1.6 million per year.
HP ESP sets the pace in the security world
FSRG: Fortify Security Research Group
Intelligent Security & Risk management Platform
• Security Policy Shaping
• IPS Real-time Protection for Physical and Virtual Environments
• Zero-day Attacks Response
• IP Reputation Protection
• Real-time Event Analysis & Correlation
• Incident Management & Forensics
• Network Behavioral Profiling
• Fraud Detection
• Automatic Response
• Code Review (Sw lifecycle)
• Asset Discovery
• Vulnerability Assessment
• Threat Profiling
• Gap Analysis, Coverage Vs Attack Surface
• Incident and Threat Statistics
• Technology Refresh
• Process Review
Security Plan Review and Improvement
Business-related Risk Assessment
Protection Enforcement
Security Operations
Governance (SOC)
SMS
HP TippingPoint leader in NGIPS Market
Global Security Research: unbeatable results on 0-day attacks
Market Position
• Inventor of Network Intrusion Prevention in 2002
• 7 consecutive years in the leaders quadrant
• NSS Recommended
• Complete in-line protection of the network and against application threats
• Low latency at high throughput (< 28 microseconds)
• Total accuracy (zero false positives)
• Easy to insert into your own environment
• Protection for Cloud and virtualized environments
NSS Test: “The results of the testing prove that HP TippingPoint continues to pioneer Network Intrusion Prevention and establish its market leadership in NGIPS”.
Gartner SIEM MQ 2013
• HP ArcSight has moved UP and to the RIGHT
• A LEADER for 10 consecutive years, while others have appeared and disappeared
• The most visionary product in the Gartner MQ
• Gartner recognizes HP’s vision through ops-analytics, integrating SIEM and IT Ops
• We are #1 in 4, #2 in 3 of the 8 categories in meeting customers’ SIEM requirements (no other vendor is #1 in more than 2 categories)
• HP ArcSight is the only vendor that is #1 in all use cases that matter most to your customers
HP Fortify
Detects more application vulnerabilities than any other vendor with the industry’s largest software security research group.
Gartner MQ
Over 1000 organizations worldwide have standardized on HP Fortify: 9 of the top 10 major banks, 9 of the top 10 software companies, all of the top 10 telecoms, all 5 top insurance firms.
Offers the deepest deployment experience and most supported programming languages, platforms and IDEs.
HP Enterprise Security is a leading provider of security and compliance solutions for the modern enterprise that wants to mitigate risk in their hybrid environment and defend against advanced threats.
In 2006 the SSC (Security Standard Council) established one of the most complete and complex standards for companies to achieve, releasing the first release of PCI DSS.
At the end of 2010 the first version of PCI DSS was revised with the addition of a new set of standards; the companies concerned must demonstrate that they remain compliant with it through an audit to be carried out by 2012.
PCI DSS 2.0 adds specific controls on the adoption of virtualization technologies and brings the points to be satisfied to 200 controls based on 12 main requirements:
PCI Data Security Standard – High Level Overview
Build and Maintain a Secure Network
1. Install and maintain a firewall configuration to protect cardholder data
2. Do not use vendor-supplied defaults for system passwords and other security parameters

Protect Cardholder Data
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open, public networks

Maintain a Vulnerability Management Program
5. Use and regularly update anti-virus software or programs
6. Develop and maintain secure systems and applications

Implement Strong Access Control Measures
7. Restrict access to cardholder data by business need to know
8. Assign a unique ID to each person with computer access
9. Restrict physical access to cardholder data

Regularly Monitor and Test Networks
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes

Maintain an Information Security Policy
12. Maintain a policy that addresses information security for all personnel
Security Intelligence and KPIs for Managers
New Announcements at RSA Conference 2013
Event collection and correlation from Cloud services: ArcSight Cloud Connectors
Security analysis extended to Big Data: HP ArcSight/Hadoop Integration Utility Plug-in
By integrating Cloud monitoring, content analysis and Big Data processing, HP gives its customers a solution to effectively identify and block potential security risks
Sentiment analysis to strengthen security intelligence: ArcSight & Autonomy IDOL
Definition: APT
APT attacks are the latest frontier in the world of cyber threats
Advanced: complex attacks carefully built by highly skilled people who have access to vulnerabilities not yet discovered (0-days)
Persistent: the attacks continue until they succeed; they never stop
Advanced Persistent Threat (APT)
APT - Components
VULNERABILITY Asset
Actors
• Cyber Criminals
• Insiders
• Hacktivists
• Nation-States
Tools
• Reconnaissance
• Intrusion
THREAT
Example of an APT attack
5:00 AM: Finance person receives a spearphishing email
8:30 AM: Opens to see 2012 Recruitment plan with .xls file
8:31 AM: RAT program downloaded utilizing Adobe Flash vulnerability
8:32 AM: Poison Ivy RAT Remote Access Tool is initiated
NEXT DAY / 12:01 AM: NMAP scan to identify and classify network resources
OVER THE NEXT 10 DAYS: Collect data over a period of time
11TH DAY / 12:05 AM: Encrypt and ftp file to good.mincesur.com (example of a site used for an attack)
12TH DAY: Attack hits the headlines
What would happen with an HP TippingPoint NGIPS?
Malicious XLS attachment blocked
Zero-day malware recognition
Failed login attempts detected (Brute Force)
Zero-day malware recognition
RepDV blocks exfiltration to mincesur.com
Backdoor activation detected
THANK YOU